CAcertApp on Xiaomi: Assigning, Setup, and Solving Certificate Problems

If you've ever looked at the list of system applications on a Xiaomi smartphone, you've probably noticed a strange name: CAcertApp. This utility software doesn't have a label on the desktop, doesn't show up in the app menu, but it takes up space in memory and sometimes appears in the system logs. What is it? Why is it needed? And why can't it be removed in standard ways?

In this article, we will discuss in detail how CAcertApp works on Xiaomi, Redmi and other devices. POCO, We will explain its connection to connection security, and show you how to properly manage root certificates if you have errors when connecting to Wi-Fi, websites or corporate networks. NET::ERR_CERT_AUTHORITY_INVALID or applications refuse to work with HTTPS.

Spoiler: 90 percent of the time, CAcertApp doesn't require manual intervention, but if you've experienced certificate errors after resetting, firmware or custom software, our instructions will help you get everything back to work.

What is CAcertApp on Xiaomi and why you need it

CAcertApp (Certificate Authority Application) is a system application responsible for managing root certificates on Xiaomi devices, built into MIUI firmware and runs in the background, providing:

  • πŸ”’ Authentication SSL/TLS-Certificates when connecting to secure sites (HTTPS), Wi-Fi networks with encryption and corporate VPN.
  • πŸ“± Storage of Trusted Certification Centers (CA), Resources that confirm the legitimacy of resources (e.g. Let's Encrypt, DigiCert, GlobalSign).
  • πŸ”„ Automatically update the list of trusted certificates through security updates MIUI.
  • πŸ›‘οΈ Protection against man-in-the-middle attacks" (MITM), When an attacker replaces certificates to intercept traffic.

In fact, CAcertApp is the equivalent of a certificate store in Windows or macOS, but adapted for Android. Without it, your smartphone would not be able to distinguish a real vk.com site from a phishing copy, and banking applications would not work due to the lack of trusted root centers.

It is important to understand that it is not a virus or spyware. Xiaomi does not collect your data through it – the application works locally and only interacts with Android system components. However, in some cases (for example, when using custom firmware or rooting), its operation may be disrupted, which leads to connection errors.

πŸ“Š Have you ever experienced a certificate error on Xiaomi?
Yeah, often.
Yeah, but rarely.
No, never.
I don't know what it is.

Where is CAcertApp and how to find it

Since CAcertApp is a system application, it doesn't appear in the main menu. To find it, follow these steps:

  1. Open Settings β†’ Applications β†’ Application Management.
  2. Click on the three dots in the upper right corner and select Show System Processes.
  3. In the search bar, type CAcertApp or com.android.cacertapp.
  4. The results will show an app with a grey lock icon (or without an icon).

In some versions of MIUI (e.g. MIUI 14 and later), the path may be slightly different:

Settings β†’ Applications β†’ All applications β†’ Filter β€œSystem” β†’ Search β€œCAcert”

If you don't find the app through the interface, you can use ADB (Android Debug Bridge) and connect the smartphone to your PC and follow the command:

adb shell pm list packages | grep cacert

This will bring the full path to the package, for example: package:com.android.cacertapp.

πŸ’‘

Do not try to remove CAcertApp through standard settings – this will cause malfunctions in the work. HTTPS-If you want to free up space, you better turn off the app cache in its settings.

Typical CAcertApp Problems and How to Solve Them

In most cases, CAcertApp works invisibly, but sometimes users experience errors, and here are the most common symptoms and their causes:

Problem.Possible causeDecision
Mistake. NET::ERR_CERT_AUTHORITY_INVALID browser-wiseThere is no trusted root certificate for the siteUpdate certificates through Settings β†’ Security β†’ Trusted credentials
Applications cannot connect to HTTPS (e.g. banking)Resetting settings or damage to the certificate repositoryInstall certificates manually or reset security settings
Wi-Fi with Enterprise encryption (802.1X) is not connectedThere is no certificate for authenticationImport a network certificate through Wi-Fi settings β†’ More
CAcertApp consumes a lot of batteryBackground check of certificates with a weak InternetRestart the device or clear the app cache

If the problem persists after standard actions, try the following steps:

Reset network settings in Settings β†’ Reset |

Update MIUI to the latest version|

Check the date and time on the device (incorrect settings cause certificate errors)|

Remove recently installed user certificates in Settings β†’ Security-->

For advanced users, if errors occur after firmware or rooting, the certificate repository may be damaged.

adb shell cmd package compile -m speed -f com.android.cacertapp

It reassembles the app cache, which sometimes solves problems with downloading certificates.

What to do if CAcertApp is completely off?
If after a failed update or reset, CAcertApp stopped working at all (apps can not connect to any of the applications). HTTPS-The only reliable way to do this is to completely flash the device through Fastboot. Use the official firmware from Xiaomi for your model. Recovery through Recovery may not help, as the system applications are not reinstalled.

How to Update Certificates in CAcertApp

The list of trusted certificates is updated automatically through MIUI security updates, but if you encounter errors (for example, old sites stopped opening), you can force them to manually update them:

  1. Go to Settings β†’ About the phone β†’ System update.
  2. Click on the three dots in the top right corner and select Update Security Packages (if there is one).
  3. If there are no updates, check out the MIUI version – a full firmware update may be required.

For Android 12+ devices (including MIUI 13/14), certificates are updated through Google Play Services.

  • πŸ“± Google Mobile Services is installed on the device (GMS).
  • πŸ”„ Auto-Update Apps in Play Market Enabled.
  • 🌐 There is a stable connection to the Internet (preferably Wi-Fi).

If you are using a device without GMS (e.g. Xiaomi for the Chinese market), the certificate update is only through firmware, in which case it is recommended to install global or European versions of MIUI, where GMS support is present out of the box.

πŸ’‘

On devices without Google Services (such as the Chinese version of Xiaomi), certificates are updated only through firmware, which can lead to delays in supporting new security standards.

Can I delete CAcertApp and what happens if I do it?

Technically, you can remove CAcertApp only with root rights or through ADB debugging USB. However, removal will lead to complete incapacity. HTTPS-Connections: Browsers, instant messengers and banking applications will no longer connect to protected resources, and Wi-Fi networks with Enterprise encryption will become unavailable.

If you still need to free up space or disable the application, do the following:

  1. Open the CAcertApp settings (as described above).
  2. Click Disable (Do not "Delete"!).
  3. Clear the cache and application data.

This won't delete the app completely, but it will stop its background activity.

⚠️ Warning: Disabling CAcertApp may cause malfunctions in applications using HTTPS (For example, WhatsApp, Telegram, bank clients, and you can only restore your work by restarting or returning the settings of the application to the factory.

For root-right users: If you have deleted CAcertApp and encountered problems, restore it from the backup or reflash the device. Restore via Titanium Backup or similar tools may not work due to off-the-shelf integration with the system.

CAcertApp and Enterprise Networks: Configuring User Certificates

If you connect to a corporate Wi-Fi network with WPA2-Enterprise encryption or use a VPN with certificates, you may need to install additional root certificates.

  1. Download the certificate (usually a file with the.crt or.pem extension) to the device.
  2. Go to Settings β†’ Security β†’ Install from storage (the path may vary depending on the version of MIUI).
  3. Select the downloaded file and confirm the installation.
  4. If necessary, specify the name of the certificate and select the scope (Wi-Fi, VPN or applications).

To connect to Wi-Fi with certificates:

  1. Open the Settings. β†’ Wi-Fi.
  2. Select a network that requires a certificate.
  3. In the CA-certificate field, specify the certificate installed.
  4. Enter your login/password (if required) and connect.

If the certificate is not installed, check:

  • πŸ“„ File format – only.crt,.pem and.der are supported.
  • πŸ” Certificate not expired (check date in file properties).
  • πŸ“± The device has enough free space (minimum 100 MB on the system partition).

⚠️ Note: Installing user certificates from unverified sources could put your device at risk MITM-Use only certificates provided by a network administrator or trusted organizations.

CAcertApp on custom firmware (LineageOS, Pixel Experience, etc.)

If you have custom firmware installed (like LineageOS, Pixel Experience, or Havoc-OS), CAcertApp may not work properly or at all.

  • πŸ“¦ Unofficial firmware often lacks proprietary Xiaomi components.
  • πŸ”„ Updating certificates via Google Play Services may be disabled.
  • πŸ”§ The certificates can be replaced by a standard AOSP (Android Open Source Project).

To restore the working capacity:

  1. Install Open GApps (nano or pico package) – it contains up-to-date root certificates from Google.
  2. Or manually run MIUI CAcertApp through TWRP (if there is a compatible version for your model).
  3. Update your firmware to the latest version – many custom builds include fixes for working with certificates.

To check the current certificates on custom firmware, use the command:

adb shell cmd package list packages | grep -E'cacert|cert'

If the output does not include com.android.cacertapp, then the application is missing and needs to be restored.

FAQ: Frequent questions about CAcertApp on Xiaomi

Can I transfer certificates from one Xiaomi phone to another?
Yes, but only if both devices are running the same MIUI and Android version. To do this: Copy certificate files from /data/misc/user/0/cacerts-added/ (you need root). Move them to the new device in the same folder. Reboot your smartphone. Without root rights, transfer is only possible through export/import manually for each certificate.
Why did some sites stop opening after resetting?
When reset, user certificates are deleted, but system certificates are saved. If a site uses a certificate from a little-known center (for example, a corporate one), it should be reinstalled. Check the list of trusted certificates in Settings β†’ Security.
CAcertApp consumes a lot of battery. What do you do?
It could be because of: πŸ”„ Frequent Certificate Checks with a Weak Internet. πŸ“΄ A damaged app cache. πŸ”„ Background security updates. Solutions: Clear the cache in the application settings. Turn off automatic certificate verification (if there is one in the settings). Update MIUI last-minute.
How to check which certificates are installed on my Xiaomi?
There are two ways: Go to Settings β†’ Security β†’ Trusted credentials. All system and user certificates will be displayed there. ADB (USB debugging required): adb shell ls /system/etc/security/cacerts/ This command will display a list of all system certificates.
Is it safe to remove user certificates?
Yes, if you installed them yourself and no longer use the networks/applications they were intended for, but don't delete the system certificates, which will lead to errors when connecting to most of the systems. HTTPS-To distinguish between user certificates and system certificates, please see the Trusted credentials section in the settings: System certificates are marked as System and user certificates are marked as User certificates.